Sarbanes-Oxley Act of 2002 Promises Far-Reaching Implications for Public Companies


To Our Public Company Clients:

The Sarbanes-Oxley Act of 2002 (the “Act”) was signed into law by President Bush on July 30 in an attempt to help eliminate accounting fraud and restore confidence in the nation’s financial markets.  The Act makes some of the most significant changes in decades in laws affecting directors, officers, and corporate reporting obligations.  The Act contains significant amendments to federal securities laws, including expanded CEO/CFO certification requirements for annual and quarterly reports filed with the SEC, increased current reporting requirements, enhanced enforcement, increased civil and criminal penalties, and increased review of periodic filings by the SEC.  The Act establishes a new Accounting Oversight Board responsible for regulating accounting firms that audit companies filing financial reports with the SEC.

A few of the Act’s provisions are immediately effective, or become effective very soon.  The Act leaves many of the critical details and the implementation of the Act to the rule-making authority of the SEC over the next several months.  Public companies should give immediate attention to compliance with the Act.


Some important features of the Act which affect public companies and insiders are as follows:

  • CEO and CFO Certifications – Effective immediately, CEOs and CFOs are required to certify their company’s financial reports in Forms 10-Q and 10-K.

  • Code of Ethics – Companies will be required to disclose in their periodic reports whether or not (and if not, why not) the company has a code of ethics for senior management.

  • Ban on Personal Loans to Executives – Effective immediately, most personal loans by a company to directors and executive officers are prohibited.  Existing loans may continue, but may not be modified or renewed.

  • Faster Disclosure of Insider Transactions – Effective 30 days after enactment, insiders will be required to report insider stock trades to the SEC within two business days of the transaction instead of the current ten day period.

  • No Insider Trading During Benefit Plan Blackouts – During any blackout periods in which at least 50% of the employees participating in an issuer benefit plan are prohibited from trading the company’s securities through their benefit plans, directors and executive officers will be prohibited from trading equity securities of the issuer, if they acquired the securities in connection with their service or employment as a director or executive officer.

  • New Corporate Disclosure Requirements – Effective immediately, additional information regarding material changes in financial condition or operations must be disclosed on “a rapid and current basis”; the SEC will adopt rules requiring annual management and independent auditor assessments of internal controls, and certain disclosures about these assessments; there will be additional regulation of the use of pro forma financial information; there will be additional SEC rules requiring disclosure of off-balance sheet transactions, and further inquiries by the SEC and other governmental agencies concerning the use of “off-balance sheet financing” and special purpose entities.

  • Audit Committee Regulations – The SEC will adopt rules requiring that audit committee members must be independent directors, who will be responsible for the appointment, compensation and oversight of the auditors.  Companies will also be required to disclose in their periodic reports whether or not (and if not, why not) the company has a “financial expert” on its Audit Committee.

  • New Accounting Oversight Board – A new Accounting Oversight Board will be appointed by the SEC.  Accounting firms that audit public companies will be required to register with the Board.  The Board will be responsible for establishing auditing and attestation standards, as well as ethics and quality control standards, for accounting firms who audit public companies.  The Board will regulate and supervise not only domestic accounting firms, but also foreign accounting firms that audit financial statements of companies under U.S. laws.

  • Auditor Independence – Auditors of public companies will be prohibited from providing legal services and certain other non-audit services which have customarily been provided by accounting firms, such as bookkeeping, systems design, valuation services, and various management services.

A discussion of the above provisions, together with other relevant provisions of the Act, is set forth below.


New Officer and Director Regulations

Officer Certification of Annual and Quarterly Reports.  Effective immediately, each periodic report filed by a public company must include a certification by the company’s chief executive officer (“CEO”) and chief financial officer (“CFO”) (or their equivalent) that the report fully complies with the periodic reporting requirements of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), and that the information fairly presents, in all material respects, the financial condition and result of operations of the company.

Within 30 days, the SEC will adopt rules requiring principal executive officers and principal financial officers (or persons performing similar functions) to file a certificate with each annual or quarterly report filed with the SEC.  In general, the officer will be required to certify that (i) the officer has reviewed the report, (ii) to the officer’s knowledge it does not contain a material misstatement or omission, (iii) to the officer’s knowledge the report fairly presents the company’s financial condition and results of operations in all material respects, (iv) the officer is responsible for designing, maintaining and evaluating the effectiveness of the controls and has described their effectiveness in the report, (v) the officers have disclosed to the auditors and audit committee any material weaknesses in the controls and any individual fraud that has occurred, and (vi) the officer has indicated whether there have been any significant changes in the internal controls since the filing of previous reports.

Code of Ethics for Senior Financial Officers.  Within the next 180 days, the SEC will adopt rules requiring public companies to disclose whether or not (and if not, why not) the company has adopted a code of ethics for its senior financial officers.  The Act requires the SEC also to amend the rules to require immediate public disclosure by a company of any change in or waiver of the code of ethics.

Certain Personal Loans to Executives Prohibited.  A public company may not, directly or indirectly, make personal loans or otherwise extend credit to or for any director or executive officer, except for certain customary consumer lending transactions.  Existing loans can continue if there is not a material modification in the terms or renewal of the loan.

SEC-Barred Persons Prohibited from Serving as Officers or Directors.  Effective immediately, the SEC may bar persons from serving as officers or directors if they violate the general anti-fraud provisions of the federal securities laws and their conduct demonstrates “unfitness” to serve as an officer or director.  Under prior law, an individual could be barred by court order, at the request of the SEC, if he violated the general anti-fraud provisions of the securities laws, and his activities were found by the court to render him “substantially unfit” to serve.

Improper Influence on Conduct of Audits.  Within the next 270 days, the SEC will adopt rules to make it unlawful for an officer or director of a public company or a person acting under such person’s direction to fraudulently influence, coerce, manipulate or mislead an accounting firm in the performance of its audit.  The SEC will have exclusive authority to enforce this rule.

Responsibilities of Legal Counsel Practicing Before the SEC.  The SEC will issue rules of professional conduct for attorneys representing public companies.  The rules will require that (1) an attorney must report evidence of a material violation of the securities laws or a breach of fiduciary duty by the company or its agents to the chief legal counsel or the chief executive officer of the company, and (2) if the chief legal counsel or chief executive officer does not appropriately respond to the evidence, the attorney must report the evidence to the audit committee or other committee comprised solely of independent directors, or to the full board of directors.  These rules appear to apply to both inside and outside counsel advising a reporting company.

New Insider Trading Regulations

Reporting of Insider Stock Transactions.  Effective 30 days after enactment, the Act amends Section 16(a) of the Exchange Act to require reports of changes in beneficial ownership (i.e., Form 4) to be filed with the SEC by the end of the second business day following any transaction by insiders.  Previously, insiders did not have to report trades until the tenth day of the month following the month in which the trade occurred, meaning that an insider trade could go unreported for as many as 40 days. Within one year, Section 16 reports will be required to be filed electronically via EDGAR and companies will be required to post the Section 16 reports on their website not later than the end of the business day following the filing.

No Insider Trading During Pension Fund Blackout Periods.  Senior management is prohibited from any insider trading during pension fund blackout periods imposed on 50% or more of the participants in a defined contribution plan, such as a 401(k) plan, if a director or executive officer acquired such securities in connection with his service or employment as a director or executive officer.  This provision will go into effect 180 days after the law’s enactment.  For a further discussion of employment-related issues raised by this Act, please see the Haynes and Boone, LLP client alert Employment Obligations -- How the New Corporate Accounting Law Will Impact Employment Practices.

New Corporate Disclosure Regulations

Increased Review of Periodic Filings by the SEC.  The SEC must review, on a regular and systematic basis (at least every 3 years), disclosures made by public companies in periodic reports.  For purposes of scheduling reviews, the SEC is required to consider at least the following factors:

  • Companies that have issued material restatements of financial results.
  • Companies that have experienced significant volatility in their stock price.
  • Companies with the largest market capitalization.
  • Emerging companies with disparities in price to earnings ratios.
  • Companies whose operations significantly affect any material sector of the economy.
  • Any other factors the SEC considers relevant.

Public companies can expect enhanced scrutiny of their routine filings (e.g., Forms 10-K and 10-Q) where reviews to date of such reports have been minimal and generally coincided with registered offerings by the company.

Real Time Disclosures.  Public companies must now disclose to the public on a “rapid and current basis” such additional information concerning material changes in the financial condition or operations of the company, in plain English, as the SEC determines is necessary or useful for the protection of investors.  The provision appears explicitly to authorize the SEC’s move to a real time disclosure system.

Financial Statements Must Reflect Material Correcting Adjustments.  Each financial report that contains financial statements and is filed with the SEC must reflect all material correcting adjustments identified by the company’s accounting firm.

Disclosure of Off-Balance Sheet Transactions.  The SEC must, within the next 180 days, adopt rules requiring the disclosure in each Form 10-K and Form 10-Q of all material off-balance sheet transactions and other relationships of the company with unconsolidated entities or other persons that may have a material current or future effect on the financial condition, changes in financial condition, results of operations, liquidity, capital expenditures, capital resources or significant components of revenues or expenses.

The SEC must further conduct a study of off-balance sheet disclosures made under the new rules and thereafter submit a report with recommendations to the President and certain other U.S. government officials regarding the off-balance sheet transactions.

Pro Forma Financial Information.  The SEC must, within the next 180 days, adopt rules requiring pro forma financial information included in any report filed with the SEC to be presented in a manner that (1) does not contain an untrue statement of a material fact or omit to state a material fact necessary to make the pro forma financial information, in light of the circumstances, not misleading; and (2) reconciles it with the GAAP financial statements.

Management Assessment of Internal Controls.  The SEC must adopt rules requiring each Form 10-K to contain an internal control report stating management’s responsibility for maintaining an adequate internal control structure and procedures for financial reporting and containing an assessment of the effectiveness of the internal control structure.  The company’s accounting firm must attest to and report on this assessment.

New Audit Committee Regulations

Public Company Audit Committee Requirements to Maintain Exchange Listing.  The SEC will, within the next 270 days, adopt a rule directing the national securities exchanges and national securities associations to prohibit the listing of any securities of a public company whose audit committee does not comply with the following requirements:

  • The audit committee must be directly responsible for the appointment, compensation and oversight of work by the accounting firm engaged by the company and the accounting firm must report directly to the audit committee.
  • Each member of the audit committee must be a member of the company’s board of directors and must be “independent” (to be independent the individual may not accept any consulting, advisory or other compensatory fee from the company except in his or her capacity as a member of the committee or board and the individual may not be an affiliate of the company).
  • The audit committee must establish procedures for handling complaints on company accounting matters and the confidential anonymous submission by employees of concerns on accounting matters.
  • The audit committee must have the authority to hire independent counsel and other advisors.
  • The company must provide funds to pay the accounting firm and any advisors employed by the audit committee.

Disclosure of Audit Committee Financial Expert.  The SEC must, within the next 180 days, adopt final rules to require each public company to disclose whether or not, and if not, the reasons therefore, the audit committee has at least one member who is a “financial expert.”  In defining the term “financial expert,” the Act states that the SEC should consider whether a person has, through education or experience, an understanding of GAAP and financial statements; experience in the preparation or auditing of financial statements of comparable companies; experience with internal accounting controls; and an understanding of audit committee functions.

Audit Committee Relationship with Auditors.  An issuer's audit committee (or, if none, the entire board) will have the authority to approve all audit and non-audit services, and approval of permitted non-audit services must be disclosed in the issuer's periodic reports.  Lead audit partners will be subject to five-year rotations, and a study will be required with respect to mandatory rotation of audit firms.  Auditors will be required to make increased reports to audit committees, including with respect to critical accounting policies and alternative GAAP applications that have been discussed with management.  The content of the audit report itself will include expanded disclosures, including disclosures with respect to an issuer's internal controls.

New Accounting Oversight Board and Auditor Independence

Supervision and Regulation of Accounting Firms.  The Act calls for the creation of a five-member independent Accounting Oversight Board (the “Board”) appointed by the SEC, and subject to SEC oversight.  Accounting firms that conduct audits of public companies will be required to register with the Board. The Board will be responsible for establishing, including through adoption of standards imposed by designated professional groups, auditing and attestation standards, as well as quality control and ethics standards.  The Board is directed to review annually each accounting firm that conducts more than 100 audits a year; accounting firms conducting fewer than 100 audits yearly are to be reviewed every three years.  The Board can investigate potential violations of rules and impose sanctions on the rule-breakers. The Board’s power extends not just to domestic accounting firms, but also to foreign public accounting firms that audit financial statements of companies under U.S. securities laws.

Auditor Independence.  Under the Act, accounting firms are barred from providing several non-audit services to their audit clients. These include bookkeeping or other services related to accounting records or financial statements; financial information systems design, appraisal or valuation services; actuarial services; management functions or human resources; broker or dealer or investment adviser services; and legal services.  The Act also addresses conflicts of interest between auditors and issuers by prohibiting public accounting firms from providing any audit services to a client if a CEO, controller, CFO or chief accounting officer of the client was employed by the accounting firm and participated in the client's audit during the one-year period prior to the initiation of the current audit.

New Securities Analysts Regulations

The SEC, or at its discretion, the NYSE or NASD, will adopt rules to limit conflicts of interest of securities analysts by enhancing the separation between investment bankers and research analysts.  The Act includes suggested examples of these rules, most of which are similar to those recently adopted by the NYSE and NASD and approved by the SEC.  Among these rules is one imposing post-offering “blackout” periods during which brokerage firms that acted as underwriters in public offerings may not publish reports on the issuer.

New Enforcement Penalties and Liability

Criminal Liability for Failure to Certify Periodic Reports Containing Financial Statements.  The Act also provides that each periodic report containing financial statements filed by a public company must include a certification by the company’s CEO and the CFO that the report fully complies with the requirements of the Exchange Act and that the information fairly presents, in all material respects, the financial condition and results of operations of the company.  A person who provides the required certification knowing that the report does not meet the requirements of the rule may be fined not more than $1 million or imprisoned for not more than 10 years, or both, and a person who willfully provides a certification knowing that the report does not meet the requirements of the rule may be fined not more than $5 million or imprisoned for not more than 20 years, or both.

NOTE: Although the SEC has 30 days to adopt rules concerning certification of periodic reports, this provision is effective immediately.  Accordingly, all Forms 10-Q and 10-K are now required to be certified.

Forfeiture of Bonuses and Profits.  If a company is required to restate its financial statements because of material noncompliance with SEC financial reporting requirements as a result of misconduct, the CEO and CFO are required to reimburse the company for (1) any bonus or other incentive-based or equity-based compensation received during the 12-month period following the public issuance or filing of the financial documents, and (2) any profits realized from the sale of company securities during the 12-month period.

NOTE: The Act does not specify whose misconduct nor the level of misconduct that could give rise to CEO and CFO reimbursement.

Freezing of Assets.  The SEC may, during an investigation, seek an order in federal court imposing a 45-day freeze on extraordinary payments to corporate executives. The payments would be placed in escrow to ensure that corporate assets are not improperly taken for an executive’s personal benefit.

Statute of Limitations for Securities Fraud.  The Act amends the statute of limitations for securities fraud claims, which under the Act must be brought within two years of discovery of the facts constituting the violation or within five years after the violation.  Previously, these periods were one year and three years.

Criminal Penalties for Defrauding Shareholders.  The Act authorizes the imposition of criminal penalties, consisting of a fine or up to 25 years’ imprisonment, on persons who knowingly engage in securities fraud with respect to a public company.

White Collar Crime Penalty Enhancement Act of 2002.  The Act amends the mail fraud provisions of the United States Code to make “attempt” and “conspiracy to commit” crimes punishable as mail fraud.  Executives found guilty of committing these types of fraud could be sentenced to up to 20 years of jail time.

Document Destruction.  The Act strengthens laws that criminalize obstruction of justice, such as document shredding or falsifying records, allowing for fines and up to 20 years imprisonment if found guilty.

Whistleblower Protections.  The Act creates criminal sanctions against those who retaliate against whistleblowers and includes both fines and up to 10 years in jail.

Bankruptcy Loopholes.  The Act changes the bankruptcy code to make judgments and settlements based upon securities law violations non-dischargeable.  This provision helps protect victims of fraud by preventing corporate wrongdoers from sheltering their assets under the umbrella of bankruptcy.

Further Information

We expect that the adoption of the Act will lead to much public discussion and analysis over the coming weeks.  Because the SEC is responsible for adopting rules to implement the Act, we expect that SEC proposals will be submitted for public comment. We will regularly update you with regard to material developments concerning implementation of the Act.

This Alert is a publication of Haynes and Boone, LLP and should not be construed as legal advice on any particular facts or circumstances.  This Alert is for general informational purposes only, and may not be quoted or referred to in any other documents or legal proceeding without our prior written consent.  The publication of this Alert is not intended to create an attorney-client relationship.

If you would like to learn more about the Act and the rules and regulations relating to the Act, please feel free to contact your regular Haynes and Boone attorney or any member of our Corporate Governance Practice Group listed above.

Email Disclaimer